Allow Mails

  • Hi all,
    How do I allow Gmail POP and SMTP in Squid?

  • Could you clarify why you want to achieve this? (I mean POP & SMTP through Squid, which is not natively either a POP or an SMTP proxy)

  • Hi Chris. I set up pfSense with Squid. If anyone needs internet access, I'll configure the proxy on that system. So the system or tools can't access the internet; only the browser will have internet. Now users are using mail clients like Thunderbird. If I configure the proxy in Thunderbird, it isn't allowed to send and receive mail. I have to give proxy-based mail access. Is that possible?

  • Oh, that's clearer now  :-[

    Squid is designed to proxy (relay) HTTP requests. This comes with additional features like caching, potentially access control, and the capability to plug in features like anti-virus, content filtering…

    Squid is not supposed to handle other protocols like POP and SMTP, although there are some tricks you could implement.

    The correct way to handle POP and SMTP depends on your current mail infrastructure.

    • Basically, without any additional internal component, you could add firewall rules allowing access from your LAN to the Gmail servers on the internet for the POP/IMAP and SMTP protocols only.
    • Another approach, slightly more complex, would be to deploy your own mail server with mail fetching from Gmail. This could bring anti-virus for both incoming and outgoing mail.
    • Something totally different but closer to your initial question: instead of Squid, if you deploy an Nginx proxy, it can provide HTTP but also POP and SMTP proxying  ;)  This is however not integrated with pfSense AFAIK.

  • Thanks Chris, I created aliases named mail_ports and mail_hosts with the ports and URLs. I allowed LAN net source to Mail_hosts destination with Mail_ports under the LAN rules.
    But it's not working. Do I have to do more configuration?

  • That's more a matter of personal choice, but I like to see, directly in this interface, the ports handled by FW rules.

    This said, "it's not working" is not very helpful.
    Did you check, e.g. from your workstation, that you can reach the target server? This means being able to resolve the name (I suppose pfSense is your DNS), then to access it, for instance using telnet.

    In case of error, you should be able to track it directly using pfSense, looking at the firewall log in the Status / System Logs / Firewall tab.

    This will tell you if this is blocked at FW level.
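
The checks described in the last reply (resolve the name first, then open a TCP connection as telnet would), as an added example that is not part of the original thread. The Gmail hostnames and port numbers are assumptions, since the thread does not list them:

```python
import socket

# Assumed endpoints (well-known Gmail hostnames/ports, not taken from the thread).
GMAIL_ENDPOINTS = [
    ("pop.gmail.com", 995),   # POP3 over TLS
    ("imap.gmail.com", 993),  # IMAP over TLS
    ("smtp.gmail.com", 465),  # SMTP over implicit TLS
    ("smtp.gmail.com", 587),  # SMTP submission (STARTTLS)
]


def check_endpoint(host, port, timeout=5.0):
    """Return (status, detail); status is one of
    dns_failed, timeout, refused, error, open."""
    # Step 1: name resolution (fails here if the workstation's DNS is broken).
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns_failed", str(exc)
    # Step 2: TCP connect to each resolved address until one succeeds.
    last = ("error", "no address tried")
    for family, socktype, proto, _, sockaddr in infos:
        sock = socket.socket(family, socktype, proto)
        sock.settimeout(timeout)
        try:
            sock.connect(sockaddr)
            return "open", sockaddr[0]
        except socket.timeout:
            last = ("timeout", sockaddr[0])    # no answer at all
        except ConnectionRefusedError:
            last = ("refused", sockaddr[0])    # TCP reset received
        except OSError as exc:
            last = ("error", f"{sockaddr[0]}: {exc}")
        finally:
            sock.close()
    return last


def main():
    for host, port in GMAIL_ENDPOINTS:
        status, detail = check_endpoint(host, port)
        print(f"{host}:{port} -> {status} ({detail})")


if __name__ == "__main__":
    main()
```

From the client side, `timeout` is what a pfSense block rule that silently drops packets usually looks like, while `refused` points to a reject rule or a closed port; the firewall log mentioned above confirms which rule matched.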
